played with the RSS early on, but just never got the hang of it. The polymorphic capabilities of the bots are the larger concern, I think. One infection can multiply and change so quickly inside your network that it will be very difficult to get on top of.
True. However, there is a manual technique for achieving the same goal today. When a malware writer sees that a signature is out for his code, he simply repacks it with another PE app such as Yoda, Morphine, FSG, etc. Now this isn't as dangerous as polymorphics because of speed and seeding, but when 90% of the internet population rely on signature-based solutions, this quickly becomes something to be familiar with.
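The point made in the comment above, shown from the scanner's side as an added example that is not part of the original thread: a hash or byte-pattern signature stops matching once the same content is re-encoded, while a byte-entropy heuristic still flags the re-encoded file as worth a closer look. Assumptions: `zlib` stands in for a PE packer, the sample bytes and marker are constructed, and the entropy check with its 7.2 bits/byte threshold is an illustrative heuristic not mentioned in the thread.

```python
import hashlib
import math
import random
import zlib
from collections import Counter

# Constructed stand-in for a file body: structured, low-entropy bytes.
MARKER = b"CONSTRUCTED-SAMPLE-MARKER"
_rng = random.Random(1)
_WORDS = [b"push", b"mov", b"call", b"jmp", b"xor", b"ret", b"lea", b"cmp"]
SAMPLE = MARKER + b" ".join(_rng.choice(_WORDS) for _ in range(20000))

# Signature set as a scanner might ship it: whole-file hash plus byte pattern.
SIG_HASHES = {hashlib.sha256(SAMPLE).hexdigest()}
SIG_PATTERNS = [MARKER]

def repack(data: bytes) -> bytes:
    """Same content, different bytes on disk (zlib here, not a real PE packer)."""
    return zlib.compress(data, 9)

def signature_hit(data: bytes) -> bool:
    """True if the file matches a known hash or contains a known byte pattern."""
    if hashlib.sha256(data).hexdigest() in SIG_HASHES:
        return True
    return any(p in data for p in SIG_PATTERNS)

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_packed(data: bytes, threshold: float = 7.2) -> bool:
    """Compressed or encrypted content sits close to 8 bits per byte."""
    return entropy(data) >= threshold

def triage(data: bytes) -> str:
    """Signature first, then the heuristic for whatever the signature missed."""
    if signature_hit(data):
        return "known-bad"
    return "suspicious-packed" if looks_packed(data) else "no-finding"

if __name__ == "__main__":
    for name, blob in (("original", SAMPLE), ("repacked", repack(SAMPLE))):
        print(f"{name}: entropy={entropy(blob):.2f} verdict={triage(blob)}")
```

High entropy only says the content is compressed or encrypted, which is also true of many legitimate installers and archives, so the second verdict is a reason to unpack and rescan rather than a detection in itself.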